DNS Spoofing is also known as DNS cache poisoning. It is malicious technique used by attackers to divert legitimate traffic to attacker’s fake website for his own sake.
The main idea behind DNS spoofing is that attacker introduces a corrupt domain name in the DNS resolver’s cache, where causes the legitimate user to fall into an incorrect IP address that is run by the attacker. This is the main formula used by attacker to redirect traffic to his fake website known as DNS spoofing.
A Domain Name Server short for DNS is a domain name resolution system that automatically convert domain name (alphabets) to IP address (numeric values). For example when you type www.google.com in URL search bar, its the duty of DNS to map domain name to specific IP address e.g 126.96.36.199. Now all you got the knowledge of what DNS.
For DNS spoofing you must be in particular network/LAN, if not so the you must find a computer that should be vulnerable to get password to infiltrate into the network. Well in an organization there are hundreds of computers and you just need to find a single vulnerable computer to get access.
The above example clearly describes how attacker changed particular website IP address with his own system’s IP address where the fake website exists.
What are the consequences of DNS Spoofing?
DNS spoofing was always a big malicious way to take someone’s business down. Infect DNS spoofing is a type of attack which goes unnoticed by the company until some other company brings a product with the same features into the market. Attackers of some particular company can spoof the DNS and keep a secret eye on the emails going in or out.
What are the Mitigations?
- Security should be built into DNS by security team.
- Security analyst must observe the latest DNS version and search for any vulnerability against DNS spoofing.
- Security analyst must see name server against domain they are using in organization.
There are many lot to be taken care of.
Well the other technique to keep an eye and capture the data in LAN network is ARP SPOOFING also know as ARP POISONING. ARP spoofing is a malicious attack where attacker sends a falsified ARP to target over a local area network. Please read more about that in link.
Are you interested to learn hacking techniques please visit our hacking category.